Candidate: CVE-2013-5093
PublicDate: 2013-09-27 10:08:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5093
 http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/
 http://www.openwall.com/lists/oss-security/2013/09/27/10
Description:
 The renderLocalView function in render/views.py in graphite-web in Graphite
 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows
 remote attackers to execute arbitrary code via a crafted serialized object.
Ubuntu-Description:
Notes:
 seth-arnold> upstream 0.9.12 includes some XSS fixes that don't (yet?) have a
  CVE entry; a full update might be better.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720454
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_graphite-web:
 upstream: https://gist.github.com/mleinart/6285953
upstream_graphite-web: released (0.9.11, 0.9.12)
lucid_graphite-web: DNE
precise_graphite-web: DNE
quantal_graphite-web: DNE
raring_graphite-web: DNE
devel_graphite-web: not-affected (0.9.12+debian-1)